New ApkScan features

We are happy to introduce some new features to NVISO ApkScan today! We are excited to announce the following changes:

New features

The Sandbox is now using Android 4.1 emulators, instead of the Android 2.3 emulators. We are using a Nexus 4 image to ensure we can run as much samples as possible that make use of more recent API’s.

Besides user-uploaded samples, we are now automatically analyzing samples submitted to a range of Android app stores. This ensures that our workers are never “idle” waiting for new samples submitted by users (although your uploaded samples will always get priority in the queue!). On the report overview page, you can now select “app market samples” in the filter at the top to see the results of these scans. More information and support for such integration with app markets will follow soon and will be announced here.

New in the scan reports: see which services were started by the scanned application.

New in the scan reports: see which files were accessed by the scanned application.

New in the scan reports: sections that might indicate malicious behavior are now highlighted with an animation, so you can easily spot them.

New in the scan reports: you can now see from where (the website or an app market) and when, a sample was uploaded on the website (section “Origin” at the top of the report).

Improvements

The operation through which information was leaked, is now being reported.

Significant speed improvements during the dynamic analysis phase. This should make your scans run faster.

Report generation is now offloaded to the web server instead of the lab workers, giving the lab workers more time to do what they do best: analyze samples. This should make your scans run faster.

The section on the cryptographic activity has been split up into three sub-sections to make the report more readable: used encryption keys, encryption operations and decryption operations are each reported individually.

Interaction with the Google Safe Browsing API has been made more reliable and should return with more accurate results.

Bug Fixes

Fixed a bug where reports were not listed in the correct order on the report overview page.

Fixed a bug where the interactive search functionality on the report overview page would sometimes stop working after a few keystrokes.

Fixed a bug where samples were sometimes uploaded twice when being dropped into the upload area.